Governing the data world (with Daragh O’Brien)

Show Notes

Welcome to the Serious Privacy podcast, where Paul Breitbarth, Dr. K Royal, and Ralph O'Brien connect with Daragh O'Brien of Castlebridge to talk about data governance, the weaponisation of DSARs (data subject access requests), and all the complexities thereof.

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Transcript

Tim 0:04

You're listening to the award-winning Serious Privacy Podcast sponsored by Trust Ark. Please welcome your hosts, Paul Breitbart, Ralph O'Brien, and Dr. Kay Royal.

Paul 0:17

So usually on this podcast, we talk about privacy, data perfection, AI, cybersecurity, and today we take a small look outside our regular remit and move into the domain of data governance, or that's the plan, until KP rails it. And we do so with a guest. Dara O'Brien is managing director of Castlebridge, an Irish boutique consultancy that helps organizations manage their information assets. Dara also lectures at the Law Society of Ireland and UCD Sutherland School of Law. And together with Catherine O'Keefe, he wrote the Bible, or at least my Bible, on data ethics. And finally, Mr. O'Brien likes to be addressed as Batman in his spare time, at least if the message is generated by artificial intelligence. So we'll just call him Dara. My name is Paul Breitbart. My name is Ralph O'Brien.

K 1:06

And I'm Kay Royal, and welcome to Not So Serious Privacy. Apparently, I haven't set up today. I love it. Hi, Darry. How are you? I'm good, Chris, Kate. Good to see you. Nice to meet you. I love it. Okay, the unexpected question. And our fans know that I've gone all out to find weird questions. Oh. No, I already chose one for today, but that was really cool. What is your favorite weird word?

SPEAKER_03 1:34

My favorite weird word. My favorite weird word is in the from the Irish language, but which means it means dickhead. Dickhead. Well, you've never learned a word from another culture that you can use in front of people and not get in trouble.

K 1:54

Ooh, alright.

SPEAKER_03 1:56

I like that.

K 1:56

You might have to type that in the chat to me so I know the word. And then type the name so I know how to pronounce it.

Ralph 2:03

Let's see how our podcast transcription software deals with that one. It won't.

K 2:08

That's gonna be fun. Ralph, Paul?

Ralph 2:11

I think I'm going to apart from going for like the longest word in the English language, which is medical procedure, flocky-nocky hilly word prolification. That's probably one of my favorite ones. This question leaves me quite discombobulated. I will I'll leave it there.

Paul 2:26

Well, I do the serendipity of this question. But I would also be willing to go for supercalifragilistic expielidoches. Even though the sound of it is something quite atrocious. Yes.

K 2:37

You say it loud and always sound precocious.

Paul 2:40

If you start cleaning chimneys, you have a problem. I will not. As you can see, I'm wearing a fairly light shirt, so that's not suitable to clean chimneys. Plus, I'm living on the ground floor without any chimneys.

K 2:53

Oh, my favorite word is one I don't think I've ever used in general conversation, is syszy. And that is an alignment of three aerial things. So, like a solar eclipse would be a syzygy. So it's a lineup of three bodies. And so in reference to the sun, it would be during an eclipse.

Paul 3:14

Okay. I've never heard of that one.

K 3:16

And I like it. It's spelled S-Y-Z-I-G-Y. Ralph, I'm not going to ask you to spell yours, but you are going to have to type it in the show description. I'm just saying. That's going to happen to happen. And we'll hashtag supercalifradialistic expialidocious. Do y'all remember back in the day of texting on phones when you didn't have a screen and you had to press a one for A, a two for B, and three presses for C. And what you usually heard with teenage girls in the backseat was click click click click click click click click. They had a competition of what child could text supercalifornia HB allados the fastest.

Paul 3:54

Oh wow.

K 3:55

Using the one, two, three, one, two, one, two, three, one, two, one, two, one.

Paul 3:58

That's called a T9 keyboard. A what? A T9 keyboard.

Ralph 4:03

A C N T9. T9. T9. As opposed to a K line, of course. Wagamama was particularly good to text because you only had to press the letter once rather than multiple press. Waggamama was always good. Anyway. Voye!

K 4:19

To the actual podcast, which we haven't mentioned food yet, so it's not quite the cooking channel yet.

Paul 4:25

What do you mean? Ralph mentioned Wagamama?

SPEAKER_03 4:28

I think we're already there. No one's mentioned food if you're just mentioning Wagamama. We have they're low, but we have them.

Ralph 4:40

So Donna, you always give our guests a chance just before we go into the conversation, just to give like a brief bit of background for people who don't know them. Donna, who are you?

SPEAKER_03 4:49

What do you do? Oh God. The last question on the bus. It's interesting because for my daughter's school's career day, I actually had to do a presentation on what I do. So I actually sit down and think about what I do and Ah, and explain it to what age school? Teenage girls' high school.

K 5:09

So it was okay. I'll take my third graders classes over at high school at any day.

SPEAKER_03 5:14

It was interesting because what do I do? I've been working in the data space since the 90s, late 90s. And always on the business side and people side of data. I've done the techie stuff, but that's boring. The real fun is reprogramming people because you can't turn them off and turn them back on again. There's laws against that. And some practical impossibilities.

K 5:37

I'm gonna have an off button from now on. Rather than the big green on button, I'm gonna have an off button. So if someone tissed me out, I'm just gonna press turn them off.

SPEAKER_03 5:46

So what I do is I help change how people think about data. That's basically what I've been doing for my entire career. Data protection, data privacy is a subset of what I do because it's a set of rules applied to data that affects people. But there's other data and there's other rules. And having what a friend of mine calls the Swiss Army Knight Brain, where I under those computing as a hobby, and then wound up running data projects in a phone company. And then when I annoyed IT by doing data quality stuff they said was impossible, my team did it in a fortnight because we didn't know it was impossible, so we just went and did it. IT then, I believe there was a request for me to be moved over into regulatory because there's no data in regulatory, obviously, so there's no way I can be annoying IT. And then I wound up automating all of our internal regulatory reporting and external regulatory reporting stuff, all the billing accuracy, billing data quality checks, things like that we were doing the phone company that we were doing by ARM. That's how our brain works. Let's figure out a way of automating it. I had one that I had a really cool data quality tool we bought for customer data. And when I was speculing it, I went, this might be something you could use for other things. So let's buy a tool that works for other types of data. So there's a company called Informatica, they're a really big data quality metadata master data tool. I was the first customer for the company that they bought to get a data quality tool, a company called Similarity Systems. They were based in Dublin, and I was the first customer for Similarity Systems way back when. And I missed the old days when if I wanted a feature in my software, I could walk across, buy the chief technology officer, a cup of coffee, and have it by chip. But it was fun. We did a lot of cool stuff. Then in the data as a cell trader, setting up my own business as Castlebridge. Basically, as my old boss said to me at recent birthday party, I've been running the same project since 2002. But for different bands around various professional bodies on boards, contributing to bodies of knowledge for data management, data governance, two books on data ethics, as Paul has indicated. And yeah, now doing a doctorate in data governance, looking at why we might be getting it wrong or why we may paint ourselves into a corner for the last 25 years and what we needed to dig our way out of it. Because we're really good on structure, and all the research talks about structures and policies and rules. We forget about the people. Turns out, according to research published from University College Cork late last year, uh big shout out to Emerald. Hello, Cork. We we uh it there's a law, I have to do that. I the only person I heard hello to is Emerald.

K 8:30

Yes, you have to.

SPEAKER_03 8:31

We'd have to. Well, the UCC published a paper that basically reached the earth-shattered conclusion that data governance is largely a people problem. Shut up. So I'm actually I'd started my PhD my research at the PhD program back in 2024, looking at the people issues and looking at what I was calling human factors in data governance. Now that's evolved slightly, and I'm pulling in lots of interesting stuff to create a an interpretivist model for data governance, looking at the people things and looking at it not as individual people, not looking at it as people on an org chart, but looking at the network of decision makers and how that cumulative network contributes to our objective of having well-managed, governed, trusted, trustworthy data. I should write that down actually, because I have to do that.

Paul 9:24

Well, it's it's recorded now, so it will be written down for you by AI automatically.

K 9:28

Yeah, what have a transcript? I don't think I've been posting transcripts yet this year. I think I need to do that.

Paul 9:33

So, Dara, talk us a bit more about data governance, because I guess for many privacy professionals, that's something that they are not completely familiar with. Maybe it it rings a bell somewhere, but what exactly do we do if we govern data?

SPEAKER_03 9:51

Okay, we don't govern data. Let's start that remote. Data's a thing.

K 9:56

Let me take information governance out of my my policy then.

SPEAKER_03 9:59

No, no, flip it around. We govern stuff. We don't do stuff covered. So that's my first little linguistic element on it. Well, what we are ultimately looking at is how people and processes are expected to behave in relation to data and outcomes. And whether you're a data privacy person, whether you are a billing accuracy person, or whether you're the person responsible for managing the specification for the quality of the widgets that go into the side of an airplane, more or less the same thing. There are rules, there are requirements, and it's about understanding what they are, their structural inputs. And then within that, each person is handling that data, makes decisions on a day-to-day basis, on a moment-to-moment basis, that what they will do with that data or in relation to that data, and those decisions are what causes governance to emerge.

K 10:51

So whether they're conscious decisions or not?

SPEAKER_03 10:54

Whether they're conscious decisions or not, because you want them to be conscious, but their decision-making process is going to be informed by their professional tradition. So how would they be how are they being trained to think about things? You might have personal background and ways of thinking about stuff. Like I was talking to teenagers today, and quite always being asked, why does it matter if these companies have all my data? And I said, Because you're young and you've never seen how horrible the world can be. You really made their day. You're young. That's your fault. There's so much you have to learn. Well, those webs of what they're called webs of belief is a term in decented governance theory, stealing from Wittgenstein and philosophers like that. That's how people make decisions. And nobody goes to work wanting to do the data breach or send the unsolicited direct marketing. Almost nobody. In general, that's a population. So what we find is that those things happen because people don't have knowledge or they have a misunderstanding. And there's a guy called that Ragnar Lofstedt has done a huge amount of his area of research is risk governance and risk management. And he's one of his big research projects, research work was on health and safety law in the United Kingdom. He said, the laws are fine. People are just misunderstanding how they should be applied because of these sorts of issues. And data protection sits in a similar world where people go to Google, or now they ask ChatGPT, what are my rights? And they get their understanding from that source rather than going to the actual proper source. And that affects their understanding of things. So governance is about managing that, understanding that network of decision makers, and then figuring out how we influence that through structures and rules and policies that constrain people's decision making, but also through training and development of their professional traditions, their website belief and their knowledge. Because if you don't go those three things, you can have all the paper you want. People are still going to ignore it.

Ralph 13:00

I really like that. One of the things I actually say in my training is there's a lot of opinion out there. Even when I'm training, I say everything I say is only opinion. The law is the law. And what I hope to do is actually tell people to read the law and make their own conclusions, read the law, read the case law, make their own conclusions, because sometimes even the guidance we see from regulators is just another opinion, just another layer or lens of sort of opinion. And as you say, there's an awful lot of rubbish opinions out as well. Especially that which is now produced through AI when some of those rubbish stuff we see out there are replicated. So I guess the thing I'm asking you here, Darrow, is if there's so much misunderstanding, how do people know where to turn for the truth, especially in today's day and age?

SPEAKER_03 13:48

Oh, you're asking me the question of a post-truth society. If only someone has written a book about that, trust in the post-truth society is one of Ragnar Lofstead's areas of research and one of his books. And that's the challenge, is how do we establish not an agreed-upon truth, but an agreed-upon version of the truth at an organizational level or at a social and societal level as well. Really complicated there, but I've had to, it's been a little really funny that all the cool stuff I've spent the last year a bit looking at. And there's a meme that my daughter keeps sending me, the Viking meme of choose your battles. There's too many battles, you have more than enough battles, put some of those battles back. That's pretty much the way my year has been, last year and half. Looking at all the possible angles I could take on this particular piece of research. Because there's three different levels of data governance, your socio-technical, socio-legal governance, your organizational level. Then you've got individual level understanding of gurus. That's an interesting angle for someone else to research. If they want to research it, give me a call. I've got stuff.

Ralph 14:54

And there is some structure in the stuff already. A little bit. So is that a good definition of data governance then? An agreed upon organizational truth when it comes to information and information strategy?

SPEAKER_03 15:06

No, ultimately data governance isn't the truth. Data governance is the operating model for making sure people know what the structures are and what they're calling their interpretive space. What's the amount of regal room they have to make choices about data before they have to ask for someone else's permission or before they have to say, no, I can't do that. And within data governance, there's a concept called data stewardship, which has been co-opted and God bless certain professional bodies for certain sectors who ride into the world going, this is a term we've invented. Data stewardship and data champions, no. Sorry, we were us US data people, we were doing it a lot for a long time before it appeared on a certain exam when there's a certain body of knowledge. But data stewardship, and I'm gonna I've just been working on up one thing I found in my research was there was no actual definition on what data stewardship was. There's lots of definitions of what data stewards do. And one of the key things is everyone says, let's appoint data stewards. Let's give everyone a badge and make them a data steward, or let's go ahead and hire a data steward. The moment you open a spreadsheet and start typing in data, congratulations, you're a data steward. Once you have an act, an action, or a role where your data's passing through your hands, you lose stewardship responsibility to make the right decisions about that data in the context of your job role, that interpretive space that you operate with him. And that's the atomic unit of data governance is the person. But the operating unit of data governance is the network of people.

Ralph 16:44

That's really interesting. In the UK, for years in the public sector, we've had people called CIRO, senior information risk officers, and data champions, and when you've got your senior information risk officer, and then your information asset owner. And it's always interesting when people say to someone, you're an information asset owner, and they're like, great, what it's up.

SPEAKER_03 17:07

It's a precious, it's my precious. Answer these wriggles before you can access the system. It's really easy to create a job title on an org chart. And that's just one of the structural problems. We create the structures, we create the role, and then we put a person in the role. And for the first six months, that person might be the best person in the world, and then they get offered a job somewhere else, or they get old and decide to leave. And then the next person in the row, let's just say that they're not the best person in the world. And we see this happening not just in organizations, we see this happening with regulators, we see this happening with local supervisory functions. Politics. Politics. Oh, here the famous line from the hill, here comes the new boss, the same as the old boss. But the key thing we need to look at is not just those structures, but uh the the decision-making processes and knowledge that people have within those roles. And I often joke that when we see all these j buzzword job titles, I'm the AI governance man officer. Fantastic. What's that? How's that different to data? Explain to me how AI, in terms of the things that you would have to decide on, is different to data. And I used to joke that inevitably we would see an organization as the chief scapegoat officer, the CSO. The person is hired to every six months be fired. And then they disappear, they get really well paid, they disappear for six months as a Barbados, and then they come back as the chief scapegoat officer somewhere else. Because that's what they're doing. Some organizations, they effectively have them, the people that get fired and then mysteriously come back in again. But let's make it a formal job. But that's putting structure on it. Whereas a lot of organizations, people are already doing data stewardship, they're already in data protection, stewardship, data protection governance, because they're the person who goes, oh, I'll close the file account. I'll shred the stuff, I'll make sure everything, I'll go around the text above the photocopiers and shred it. That's a good behavior that secures data.

Ralph 19:10

I've always said this actually, that actually with competencies of individuals like that, I think we get a lot of data protection training and a lot of information security training wrong because quite often we tell people what the law says. We say, hey, here are the principles and here are the rights and all this kind of stuff. But actually, what the person generally needs to know is do I shut the filing cabinet? If something goes wrong, who do I tell? How long can I keep an email for? When do I throw out data? They don't really need to know what the law says, but they need to know how to treat the data they use in their job. And therefore we're screening them on the wrong things.

Paul 19:44

And having an integrated approach, that is something that I wrote down during the data leader summit there that you organized a couple of weeks ago. We need to move away from silos, not different programs for each law with separate roles for each individual, but take an integrated approach. It may be a challenge from a regulatory perspective, but that can be solved. It comes down to explainability.

SPEAKER_03 20:05

Yeah, and the report from that conference you were at, Paul, we're just getting that into production now to get the final finished version. And I even who attended the conference gets a copy for free, and there'll be copies available to buy from the Cowsbridge website.

Paul 20:17

And I think it's worth it because it was, I was there. It was, for me, it was really an eye-opening event. And already during the conference, I texted my boss. I think we have a problem uh in our organization because this may be something that we have overlooked in recent years. Not because we were do we just don't care, but maybe also because we were just not mature enough for a program like this as a scale-up. But I do believe that there was a lot said during those two days in Wexford where I thought, hey, this is actually going to be really helpful in the next phase of a scale-up company. One of the simple things that that Tony Mazzarella said, think differently and see what you can do yourself instead of always blaming the data or others not doing what they should be doing.

SPEAKER_03 21:08

Yeah, it's very easy to blame the data. Ronald Coes, the economist famous, if you give me the data, I'll torture to get whatever answer you want me to want me to have. Or words to that effect. But the keynote of that event, one of the just for Kay and Ralph, this is an event we've been running in our in Wexford for the last three years. We're just booking for next year. So we'll be announcing the day for next year shortly. It's always a merch. And we have a summit day, which is four topics with a keynote, panel, and audience interaction for 90 minutes. So not people popping up for 20 minutes saying how brilliant they are, but people are just sitting and talking in depth about the topic. And we do it under the Chatham House rule. So with some exceptions, or the new general, you can't attribute to people the things they said on the day explicitly. So that gives people a certain amount of freedom to toler, which is great. So keep an eye out. Dag DagleaderSowish.ie is the website and we'll have details of next year's conference up hopefully before the end of the May. And if not, by the end of June. But juggling a day job and a doctorate and all the other stuff, sometimes dates slip. Where do you find the time at all to do a doctorate? I was a wing. I I was up at half I was awake until 4 30 this morning working and then I was up again at seven to go to work.

Paul 22:27

You're leading a very healthy lifestyle, I hear.

SPEAKER_03 22:29

Very glad when this batch of deliverables are gone and I can take a few getting off to sleep.

Ralph 22:35

Sign me up for Dublin in March, Wexford. Not Dublin.

SPEAKER_03 22:39

Dublin's full and it's expensive. Apologies. Go to Wexford. Wexford. 90 minutes south of Dublin. The beer's a little cheaper.

Ralph 22:48

As people know, I love Ireland Ancestral Home. I've I took my kid around for a couple of years ago, did the whole mountains and the Gacomoa and Silicon Cliffs of Moa and all that kind of good stuff, so I love it over there. And my birthday is also March the 17th.

K 23:04

How was it my brother's birthday?

Ralph 23:06

You can't get more Irish than that. By the way, Derrida relation for those listeners.

Paul 23:11

Yeah, I was just going to ask, is there any all O'Brien's must be related somewhere, right? But nope. Not necessarily.

Ralph 23:18

No. They gave O'Brien to pretty much anybody who worked for the household. So you could be the chef and be known as Of Brian.

SPEAKER_03 23:26

It was a clan affiliation, not a bloodline affiliation. We could do a whole thing about the wonderful complications of Celtic brand law and how it has some parallels in data protection law and group privacy and group rights. Well, that's another podcast.

Paul 23:40

Yeah, absolutely. That might be one more on the indigenous privacy track, actually. Where we've done a few of those episodes and they are always fascinating. But yeah, back to back to the main topic there. Can privacy people, data protection people, are they suited to do data governance? Or do you need to have a different kind of foundation routing mindset?

SPEAKER_03 24:06

The answer to that question is wait and wait and see what my research says. Well, the suspicion is sometimes doing data protection is doing data governance work. So let's break down this silo. We're all doing data governance. We're deciding how data should be used and we're setting the rules and we're monitoring, providing oversight over the rules, we're doing data governance. So data protective people, yes, you can do data governance. But the issue comes to the professional tradition of webs and belief we bring to that as individual decision makers. Because if you're coming out of anything from a pure legal perspective, uh and you're seeing everything's a lens of legislation and liability, you're probably not going to be very good at data governance or data protection for while. Because you won't have the interpretive space to deal with things that come out of left field where the law is unclear, or where there isn't clear law to be followed, or a totally novel situation. And we dealt with one recently, really full one, with one of our clients, a right or erasure request came in from someone who had the most common name in the country that they're coming from, and they just would they were insistent that all of their data needed to be delisted, and the only information they were giving was their name. Good luck.

Ralph 25:33

Yeah, John Smith, Sing Patel, or in Ireland's case, Patrick O'Brien. You you don't know how close I came to being Patty O'Brien, being born on the 17th or not.

SPEAKER_03 25:44

So the key thing is for data group for data protection people, you're doing data governance. It's how you learn the broader skills. So when I'm with in UCD Sutherland School of Law, I teach a course on data governance and data protection practice as a module on professional diploma and LLM degree. So back in the old days, LLMs meant smarter lawyers. Today it means richer lawyers, but not necessarily more practically astute. But what I spend the first six weeks of the of that semester teaching is fundamental concepts in data management and fundamental concepts in data governance. Things like data modeling. How do you define how a customer relates to something else? How do you define what a customer is? Right. And what's metadata?

K 26:33

Oh, I hate metadata. I have them telling us, oh, it's only metadata. There's no privacy concerns. I'm like, what's in the metadata?

SPEAKER_03 26:40

Or I get I the session I was doing with my daughter's school this morning, I had a diagram that showed what a WhatsApp message can tell you if you have all the metadata.

K 26:51

You have the metadata, right?

Ralph 26:53

Wasn't it a Barack Obama who went out after the Snowden stuff and said, don't worry, the NSA is only looking at metadata, not the content.

SPEAKER_03 27:03

General Hayden said, we kill people with metadata.

K 27:06

Right?

Paul 27:07

The EFF actually has a really good summary on metadata on their website. They know you were standing on a bridge at midnight and called the suicide hotline, but nobody knows what you talked about, and more of examples along those lines.

SPEAKER_03 27:22

So I teach metadata, data modeling, data governance, introducing these concepts to refer to some baby lawyers. They're coming straight out of law school, getting a master's degree. They have this wonderful idea of what data protection law is. And the big complaint is always there's no law on this course for the first half of the semester. Then I hit them with this is the law, and this is how all this stuff matters to applying the law properly in practice.

K 27:50

Yeah, my privacy course does very similar. We present two topics, a class. It could be drones and online tracking or employer surveillance. And we tag the law in with it, and we still get complaints at the end. You didn't teach us the law. I'm like, we gave you the law for every single one of them and showed you where it fit under the law. If you didn't pick up on the law, that's your problem. Sorry, and I'll see it in your paper that I'm grading.

SPEAKER_03 28:16

Yeah. I'm looking forward to that now in a few weeks' time, grading papers. Yeah. It's fun.

K 28:23

It is fun until you see HIPAA misspelled 50,000 times. Which you probably don't have to worry about, right?

SPEAKER_03 28:32

You'd be surprised since generative AI came on the scene.

K 28:35

Oh. Very true. Because data's everywhere, right? It's not limited to the US. Exactly. No, I was just gonna say, we're at 30 minutes. Was there anything you wanted to make sure you were able to share with our listeners that we haven't gotten to?

SPEAKER_03 28:52

Very simple thing.

unknown 28:53

Okay.

SPEAKER_03 28:54

There's a lot of hype and a lot of hoopla around gender AI and AI adoption, et cetera. And the ethics of it are messy. I'm saying this is someone who should have been part of the Anthropic class action, but my publisher in the UK never registered the copyright in the U.S. So I have to pay for my own shoes now. I'm not getting fleet shoes. I'm sad. It'd be about $7,000 between two books.

K 29:17

It's it doesn't mean they didn't take your book. It just means the your copyright wasn't formally registered for them to know whether or not you're not.

SPEAKER_03 29:25

Exactly. So I'm excluded because I'm excluded from class, which is annoying. They did take my book, which is ironic. In fact, I've had a physical copy of the data ethics book stolen at a conference a few years ago. I did point out I made an announcement. Obviously, that person had missed the point. Well with AI and generative AI, one of the key things I'm seeing in my research is everything's focused on the adoption and whether we should adopt it or whatever. And what are the use cases? And we're still not seeing any huge, compelling use cases. There's little bits where it gives you some good stuff. And the gent again, as you chain things together, if you're happy to have an employee who makes stuff up and gets it wrong 61% of the time, better enough. But the bigger risk concern for me is the human side. Because the research that's coming out now that we've three two to three years' worth of data, we're seeing impacts on cognition, memory formation, learning. And then we have the fundamental element of it, you've automated all the entry-level jobs. How do people learn the skills that they need to do the job? To move up. So for your listeners, I have my five questions for strategic decision makers around AI adoption.

K 30:33

Oh, I like this.

SPEAKER_03 30:34

Question one: What are the skills you use today to do your job and be effective in your role? Question two. What jobs did you do as you progressed in your career to develop those skills? Yeah. Question three, what of those jobs and roles are you proposing to automate or replace using AI? Question four. How will the person who is going to replace you in five years' time have the skill to do your job?

K 31:10

Yep.

SPEAKER_03 31:10

Question five. What are you going to do about that now?

K 31:16

Oh, I like it.

SPEAKER_03 31:18

Here's a fundamental thing people are missing. As a company director, I have a fiduciary duty to my shareholders. I am legally required to act in the best interest of the company. If I'm gutting the knowledge base of the company and gutting its capability to function in the future because I'm making a decent margin now, I am not acting in the best interest of my shareholders. So if you want to bring things back to the fundamental shareholder theory mode of ethical thinking, we're mortgaging the future unless we start planning for how we replace the opportunities to learn for people working in organizations. Otherwise, we'll just wind up like the slightly overweaked people on the spaceship in Wally who didn't know how to fly the spaceship. And we won't have a friendly little robot to help us.

Paul 32:08

And on that note, we'll wrap up this episode of Sirious Privacy. Thank you for listening. And until next time, goodbye. Goodbye. Bye-bye.

K 32:18

Bye.

Tim 32:19

Now that was serious privacy. Please subscribe on your favorite podcast app and leave us a review. You can find us on LinkedIn, Instagram, and Blue Sky at Sirius Privacy. Feel free to drop us a question or a comment. We'd love to hear from you.